<!DOCTYPE html>
<html lang=en>
<head>
    <!-- so meta -->
    <meta charset="utf-8">
    <meta http-equiv="X-UA-Compatible" content="IE=edge">
    <meta name="HandheldFriendly" content="True">
    <meta name="viewport" content="width=device-width, initial-scale=1, maximum-scale=1" />
    <meta name="description" content="作为最流行的的桌面操作系统，Windows系统的发展在经历数次硬件革命之后，其系统架构也基本稳定，微软号称Windows 10是最后一代操作系统，并统一了Windows各版本的底层架构。  Windows系统是分层的架构，主要分为内核态和用户态，内核态自下而上分为硬件抽象层（HAL）-&gt;内核和驱动层-&gt;执行体，以及窗口管理系统。用户态主要是NTDLL抽象层，以及各种进程，如：底层的系">
<meta property="og:type" content="article">
<meta property="og:title" content="windows">
<meta property="og:url" content="http://yoursite.com/2014/07/27/windows/index.html">
<meta property="og:site_name" content="TmoonSite">
<meta property="og:description" content="作为最流行的的桌面操作系统，Windows系统的发展在经历数次硬件革命之后，其系统架构也基本稳定，微软号称Windows 10是最后一代操作系统，并统一了Windows各版本的底层架构。  Windows系统是分层的架构，主要分为内核态和用户态，内核态自下而上分为硬件抽象层（HAL）-&gt;内核和驱动层-&gt;执行体，以及窗口管理系统。用户态主要是NTDLL抽象层，以及各种进程，如：底层的系">
<meta property="og:locale" content="en_US">
<meta property="article:published_time" content="2014-07-26T16:18:19.000Z">
<meta property="article:modified_time" content="2020-01-07T10:48:15.002Z">
<meta property="article:author" content="Tmoonlight">
<meta name="twitter:card" content="summary">
    
    
        
          
              <link rel="shortcut icon" href="/images/favicon.ico">
          
        
        
          
            <link rel="icon" type="image/png" href="/images/logo2.gif" sizes="192x192">
          
        
        
          
            <link rel="apple-touch-icon" sizes="180x180" href="/images/logo2.gif">
          
        
    
    <!-- title -->
    <title>windows</title>
    <!-- styles -->
    
<link rel="stylesheet" href="/css/style.css">

    <!-- persian styles -->
    
      
<link rel="stylesheet" href="/css/rtl.css">

    
    <!-- rss -->
    
    
<meta name="generator" content="Hexo 4.2.0"></head>

<body class="max-width mx-auto px3 ltr">
    

    
    <div class="content index py4">
        
        <article class="post" itemscope itemtype="http://schema.org/BlogPosting">
  <header>
    
    <h1 class="posttitle" itemprop="name headline">
        windows
    </h1>



    <div class="meta">
      <span class="author" itemprop="author" itemscope itemtype="http://schema.org/Person">
        <span itemprop="name">TmoonSite</span>
      </span>
      
    <div class="postdate">
      
        <time datetime="2014-07-26T16:18:19.000Z" itemprop="datePublished">2014-07-27</time>
        
      
    </div>


      

      

    </div>
  </header>
  

  <div class="content" itemprop="articleBody">
    <blockquote>
<p>作为最流行的桌面操作系统，Windows系统在经历数次硬件革命之后，其系统架构已基本稳定；微软号称Windows 10是最后一代操作系统，并统一了Windows各版本的底层架构。</p>
</blockquote>
<p>Windows系统采用分层架构，主要分为内核态和用户态。内核态自下而上分为硬件抽象层（HAL）-&gt;内核和驱动层-&gt;执行体，以及窗口管理系统。用户态主要是NTDLL抽象层，以及各种进程，如：底层的系统支持进程-&gt;服务进程-&gt;用户应用程序，如图所示：</p>
<h3 id="Ntdll-dll"><a href="#Ntdll-dll" class="headerlink" title="Ntdll.dll"></a>Ntdll.dll</h3>
<p>Ntdll.dll是一个特殊的系统支持库，主要供子系统dll使用，主要包含两种类型的函数：</p>
<ul>
<li><p>系统服务分发存根，调用Windows执行体系统服务</p>
</li>
<li><p>内部支持函数，供子系统，子系统dll，以及exe映像文件使用</p>
</li>
</ul>
<p>Ntdll.dll里面提供的函数大多未文档化，并以Nt开头命名。</p>
<h3 id="环境子系统"><a href="#环境子系统" class="headerlink" title="环境子系统"></a>环境子系统</h3>
<p>环境子系统就是针对Windows不同版本（如：Windows 7 旗舰版、Windows Server 2008 R2这种）的运行环境。每个exe可执行映像，未必可在所有版本的Windows系统上运行。VC++中link命令的/SUBSYSTEM修饰符可以指定该exe映像的可执行环境（如：dll集）。</p>
<p>环境子系统进程Csrss.exe（Client/Server Run-Time Subsystem）就是客户机/服务器运行时子系统，该子系统进程是由会话管理器（Smss.exe）进程启动的。</p>
<h3 id="系统进程"><a href="#系统进程" class="headerlink" title="系统进程"></a>系统进程</h3>
<ul>
<li><p>Idle进程（特殊进程，其实是CPU空闲时间）</p>
</li>
<li><p>System进程（特殊进程，包含大多数内核模式系统进程）</p>
</li>
<li><p>会话管理器（Smss.exe）</p>
</li>
<li><p>本地会话管理器（Lsm.exe）</p>
</li>
<li><p>会话0初始化（Wininit.exe）</p>
</li>
<li><p>登录进程（Winlogon.exe）</p>
</li>
<li><p>服务控制管理器（Services.exe）</p>
</li>
<li><p>本地安全认证服务器（Lsass.exe）</p>
</li>
</ul>
<hr>
<h3 id="Windows执行体"><a href="#Windows执行体" class="headerlink" title="Windows执行体"></a>Windows执行体</h3>
<p>Windows执行体是Ntoskrnl.exe的上层（其下层是内核），主要包含以下组件：</p>
<ul>
<li><p>配置管理器</p>
</li>
<li><p>进程管理器</p>
</li>
<li><p>安全引用监视器</p>
</li>
<li><p>I/O管理器</p>
</li>
<li><p>即插即用（Pnp）管理器</p>
</li>
<li><p>电源管理器</p>
</li>
<li><p>Windows驱动程序模型</p>
</li>
<li><p>缓存管理器</p>
</li>
<li><p>内存管理器</p>
</li>
<li><p>对象管理器</p>
</li>
</ul>
<h3 id="内核"><a href="#内核" class="headerlink" title="内核"></a>内核</h3>
<p>内核是Ntoskrnl.exe的下层，主要包括：</p>
<ul>
<li><p>内核对象</p>
</li>
<li><p>内核处理器控制区和控制块</p>
</li>
</ul>
<p>此处较为复杂，后面还有专门文章讲解</p>
<h3 id="设备驱动程序"><a href="#设备驱动程序" class="headerlink" title="设备驱动程序"></a>设备驱动程序</h3>
<p>设备驱动程序运行在内核模式下，主要运行在发起I/O请求的用户线程中。设备驱动程序主要分为以下几种：</p>
<ul>
<li><p>硬件设备驱动</p>
</li>
<li><p>文件系统驱动</p>
</li>
<li><p>文件系统过滤驱动</p>
</li>
<li><p>其他：（网络重定向，协议驱动，内核流式过滤驱动）</p>
</li>
</ul>
<p>驱动程序框架：</p>
<ul>
<li><p>早期的WDM，对应DDK开发工具包</p>
</li>
<li><p>基于WDM封装的WDF框架，对应WDK开发工具包</p>
</li>
</ul>
<h3 id="硬件抽象层（HAL）"><a href="#硬件抽象层（HAL）" class="headerlink" title="硬件抽象层（HAL）"></a>硬件抽象层（HAL）</h3>
<p>硬件抽象层使得Windows可以被移植到各种硬件平台，它是一个可加载的内核模块，针对不同的硬件平台，提供了统一的服务接口。</p>
  </div>
</article>



        

        
        <footer id="footer">
  <div class="footer-left">
    Copyright &copy; 2020 Tmoonlight
  </div>
</footer>

    </div>
    <!-- styles -->

<link rel="stylesheet" href="/lib/font-awesome/css/all.min.css">


<link rel="stylesheet" href="/lib/justified-gallery/css/justifiedGallery.min.css">


    <!-- jquery -->

<script src="/lib/jquery/jquery.min.js"></script>


<script src="/lib/justified-gallery/js/jquery.justifiedGallery.min.js"></script>

<!-- clipboard -->

  
<script src="/lib/clipboard/clipboard.min.js"></script>

  <script type="text/javascript">
  // Once the DOM is ready, put a copy-to-clipboard button in front of every
  // highlighted code table and wire it up through ClipboardJS.
  $(function() {
    // Button markup; the tooltip text is carried by aria-label.
    var copyButtonHtml = [
      "<span class=\"btn-copy tooltipped tooltipped-sw\" aria-label=\"Copy to clipboard!\">",
      '<i class="far fa-clone"></i>',
      '</span>'
    ].join('');
    // Insert the button immediately before each highlighted table.
    $(".highlight table").before(copyButtonHtml);
    var clipboard = new ClipboardJS('.btn-copy', {
      // Copied text: the innerText of every .code element inside the node that
      // follows the button, each followed by a newline.
      text: function(trigger) {
        var codeCells = trigger.nextElementSibling.querySelectorAll('.code');
        var collected = '';
        Array.from(codeCells).forEach(function(cell) {
          collected += cell.innerText + '\n';
        });
        return collected;
      }
    });
    // After a successful copy, update the tooltip and drop the selection.
    clipboard.on('success', function(e) {
      e.trigger.setAttribute('aria-label', "Copied!");
      e.clearSelection();
    });
  })
  </script>


<script src="/js/main.js"></script>

<!-- search -->

<!-- Google Analytics -->

<!-- Baidu Analytics -->

<!-- Disqus Comments -->


</body>
</html>
